Nmap Development mailing list archives

[nse] bug: a race in broadcast-dhcp-discover.nse


From: Vasiliy Kulikov <segoon () openwall com>
Date: Sat, 1 Oct 2011 12:01:51 +0400

    action = function()
        ...
        local status, packet = dhcp.dhcp_build(request_type, ip_address, mac, request_options, overrides, lease_time, transaction_id)
        ...
        socket:sendto( host, port, packet )
        ...
        -- start a listening thread for each interface
        for iface, _ in pairs(interfaces) do
            local co = stdnse.new_thread( dhcp_listener, iface, timeout, transaction_id, result )
            threads[co] = true
        end
        ...
    end

    local function dhcp_listener(iface, timeout, xid, result)
        ...
        sock:pcap_open(iface, 1500, false, "ip && udp && port 68")
        ...
    end

The packet is sent before pcap_open().  If our host is slow and the remote
host is fast, we'll get a result before we start to listen.  IOW the
response will be lost.

-- 
Vasiliy
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
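As an added illustration of the fix the report implies (this is not code from the post, nor Nmap's own patched script), the same flow reordered so that every capture handle is open before the DISCOVER leaves the host. It assumes the excerpt's locals (`request_type`, `ip_address`, `mac`, `request_options`, `overrides`, `lease_time`, `transaction_id`, `socket`, `host`, `port`, `interfaces`, a `timeout` in milliseconds) are in scope, and that the NSE `packet` and `dhcp` libraries expose `packet.Packet:new`, `udp_offset` and `dhcp.dhcp_parse` as named below; the `nsedebug`-free parsing is kept minimal. The important detail is that the pcap handles are opened in the main thread: `stdnse.new_thread()` only schedules a coroutine, so a `pcap_open()` placed inside the listener would still execute after `sendto()` returns and would not close the race.

```lua
-- Added example, not the original script: open capture handles before sending.
local nmap   = require "nmap"
local stdnse = require "stdnse"
local packet = require "packet"
local dhcp   = require "dhcp"

-- Listener now receives an already-open pcap socket instead of opening its own.
-- Any reply that arrived between sendto() and the first pcap_receive() is
-- already queued by the kernel and is not lost.
local function dhcp_listener(pcap_sock, timeout, xid, result)
  local condvar = nmap.condvar(result)
  local start = nmap.clock_ms()
  while nmap.clock_ms() - start < timeout do
    pcap_sock:set_timeout(timeout - (nmap.clock_ms() - start))
    local status, _, _, l3data = pcap_sock:pcap_receive()
    if not status then break end                       -- timeout or error
    local p = packet.Packet:new(l3data, #l3data)       -- assumed: IP packet parser
    if p and p.udp_offset then
      local payload = l3data:sub(p.udp_offset + 9)     -- skip 8-byte UDP header
      local ok, response = dhcp.dhcp_parse(payload, xid) -- assumed: matches xid
      if ok then result[#result + 1] = response end
    end
  end
  pcap_sock:pcap_close()
  condvar("signal")                                    -- wake the waiting action()
end

action = function()
  local status, pkt = dhcp.dhcp_build(request_type, ip_address, mac,
                                      request_options, overrides, lease_time,
                                      transaction_id)
  if not status then return false, "failed to build DHCP request" end

  -- 1. Open one capture handle per interface *before* anything is sent.
  local pcap_socks = {}
  for iface, _ in pairs(interfaces) do
    local pcap_sock = nmap.new_socket()
    pcap_sock:pcap_open(iface, 1500, false, "ip && udp && port 68")
    pcap_socks[#pcap_socks + 1] = pcap_sock
  end

  -- 2. Only now send the DISCOVER; matching frames are being buffered already.
  socket:sendto(host, port, pkt)

  -- 3. Drain each handle in its own thread and wait for all of them.
  local result  = {}
  local condvar = nmap.condvar(result)
  local threads = {}
  for _, pcap_sock in ipairs(pcap_socks) do
    local co = stdnse.new_thread(dhcp_listener, pcap_sock, timeout,
                                 transaction_id, result)
    threads[co] = true
  end
  repeat
    for co in pairs(threads) do
      if coroutine.status(co) == "dead" then threads[co] = nil end
    end
    if next(threads) then condvar("wait") end
  until next(threads) == nil

  return result
end
```

The ordering is the whole point: opening the handle is cheap and synchronous, so doing it first costs nothing, while the original ordering makes correctness depend on the DHCP server being slower than the scanner's coroutine scheduler.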